
Windows Event Log

이벤트 로그에 기록하기

// Somewhere in a header file, define the event ID.
// Event identifiers are 32-bit values laid out as: bits 31-30 severity,
// bit 29 customer flag, bit 28 reserved, bits 27-16 facility, bits 15-0 code.
// 0xC0000004 therefore encodes severity 3 (error), facility 0, code 4.
//
// MessageId: MSG_ERR_EXIST
// MessageText:
//  File %1 does not exist.
//
// %1 is replaced by the first insertion string handed to ReportEvent.
#define MSG_ERR_EXIST ((DWORD)0xC0000004L)
 
...
 
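/*
 * Write one error event (MSG_ERR_EXIST) to the event log under the
 * "SamplApp" source.
 *
 * szMsg points to an array holding one string. ReportEvent is told there is
 * exactly one insertion string, which replaces %1 in the message text.
 *
 * Security notes:
 *  - The insertion string is recorded as given. When it carries untrusted
 *    input (a user-supplied file name, for example), strip or encode control
 *    characters and cap its length before calling, so that log entries
 *    analysts later rely on cannot be forged or padded through this path.
 *  - NOTE(review): a viewer resolves MSG_ERR_EXIST through the message file
 *    registered for the source; presumably "SamplApp" is registered
 *    elsewhere. Confirm.
 */
void MyReportEvent(LPCTSTR *szMsg)
{
    HANDLE h;

    // ReportEvent is told to read one string, so an empty array is an error.
    if (szMsg == NULL || *szMsg == NULL)
    {
        ErrorExit(TEXT("No message string supplied."));
        return;
    }

    h = RegisterEventSource(
        NULL,            // uses local computer
        TEXT("SamplApp") // source name
        );

    if (h == NULL)
    {
        ErrorExit(TEXT("Could not register the event source."));
        return; // never hand a NULL handle to ReportEvent if ErrorExit returns
    }

    if (!ReportEvent(h,       // event log handle
        EVENTLOG_ERROR_TYPE,  // event type
        0,                    // category zero
        MSG_ERR_EXIST,        // event identifier
        NULL,                 // no user security identifier
        1,                    // one substitution string
        0,                    // no data
        szMsg,                // pointer to string array
        NULL))                // pointer to data
    {
        // Release the handle first: ErrorExit may not return.
        DeregisterEventSource(h);
        ErrorExit(TEXT("Could not report the event."));
        return;
    }

    DeregisterEventSource(h);
}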

이벤트 로그 읽어들이기

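/*
 * Print every record of the local "Application" event log: a running record
 * number, the event identifier, the event type and the source name.
 *
 * Records are read sequentially, oldest first, into a fixed BUFFER_SIZE
 * buffer; one ReadEventLog call may return several records back to back.
 *
 * Security notes:
 *  - Each record's Length field drives the walk through the buffer, so it is
 *    validated before use. A zero, undersized or oversized Length would
 *    otherwise loop forever or step the pointer outside bBuffer.
 *  - The source name is printed with a precision bound so a record lacking a
 *    NUL terminator cannot cause a read past the record.
 *  - The source name is data from the log; it is printed unfiltered here.
 *  - The outer loop stops on any ReadEventLog failure, not just end of log.
 *    A record larger than BUFFER_SIZE (ERROR_INSUFFICIENT_BUFFER) ends the
 *    listing early without a message; dwNeeded then holds the required size.
 *  - The code uses narrow strings ("Application", LPSTR, %s) and so assumes
 *    an ANSI build.
 */
void DisplayEntries( )
{
    HANDLE h;
    EVENTLOGRECORD *pevlr;
    BYTE bBuffer[BUFFER_SIZE];
    DWORD dwRead, dwNeeded, dwThisRecord = 0;

    // Open the Application event log.
    h = OpenEventLog(
        NULL,         // use local computer
        "Application" // source name
        );

    if (h == NULL)
    {
        ErrorExit("Could not open the Application event log.");
        return; // do not read through a NULL handle if ErrorExit returns
    }

    pevlr = (EVENTLOGRECORD*)&bBuffer;

    // Get the record number of the oldest event log record.
    if (!GetOldestEventLogRecord(h, &dwThisRecord))
    {
        CloseEventLog(h);
        ErrorExit("Could not get the oldest event log record number.");
        return;
    }

    // Opening the event log positions the file pointer for this
    // handle at the beginning of the log. Read the event log records
    // sequentially until the last record has been read.

    while (ReadEventLog(h,        // event log handle
        EVENTLOG_FORWARDS_READ |  // reads forward
        EVENTLOG_SEQUENTIAL_READ, // sequential read
        0,                        // ignored for sequential reads
        pevlr,                    // pointer to buffer
        BUFFER_SIZE,              // size of buffer
        &dwRead,                  // number of bytes read
        &dwNeeded))               // bytes in next record
    {
        while (dwRead > 0)
        {
            // The header must fit in the remaining bytes, and the record
            // must cover its header without exceeding what was read.
            if (dwRead < sizeof(EVENTLOGRECORD) ||
                pevlr->Length < sizeof(EVENTLOGRECORD) ||
                pevlr->Length > dwRead)
            {
                CloseEventLog(h);
                ErrorExit("Malformed event log record.");
                return;
            }

            // Print the record number, event identifier, type,
            // and source name. DWORD is unsigned long, hence %lu / %lX.

            printf("%02lu  Event ID: 0x%08lX ",
                dwThisRecord++, pevlr->EventID);

            // The source name follows the fixed header; cap the print at
            // the bytes that belong to this record.
            printf("EventType: %d Source: %.*s\n",
                pevlr->EventType,
                (int) (pevlr->Length - sizeof(EVENTLOGRECORD)),
                (LPSTR) ((LPBYTE) pevlr + sizeof(EVENTLOGRECORD)));

            dwRead -= pevlr->Length;
            pevlr = (EVENTLOGRECORD*)((LPBYTE) pevlr + pevlr->Length);
        }

        // Rewind to the start of the buffer for the next read.
        pevlr = (EVENTLOGRECORD *) &bBuffer;
    }

    CloseEventLog(h);
}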

링크
